Fix no-psk (c2b290c3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

ssl/statem/extensions_clnt.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -744,7 +744,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL s, WPACKET pkt,
		unsigned int context, X509 *x,
		size_t chainidx)
		{
		char identity[PSK_MAX_IDENTITY_LEN + 1];
		const unsigned char *id = NULL;
		size_t idlen = 0;
		SSL_SESSION *psksess = NULL;
		@@ -764,7 +763,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL s, WPACKET pkt,
		return EXT_RETURN_FAIL;
		}

		#ifndef OPENSSL_NO_PSK
		if (psksess == NULL && s->psk_client_callback != NULL) {
		char identity[PSK_MAX_IDENTITY_LEN + 1];
		unsigned char psk[PSK_MAX_PSK_LEN];
		size_t psklen = 0;

		@@ -815,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL s, WPACKET pkt,
		OPENSSL_cleanse(psk, psklen);
		}
		}
		#endif /* OPENSSL_NO_PSK */

		SSL_SESSION_free(s->psksession);
		s->psksession = psksess;

ssl/statem/extensions_srvr.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1047,6 +1047,7 @@ int tls_parse_ctos_psk(SSL s, PACKET pkt, unsigned int context, X509 *x,
		return 0;
		}

		#ifndef OPENSSL_NO_PSK
		if(sess == NULL
		&& s->psk_server_callback != NULL
		&& idlen <= PSK_MAX_IDENTITY_LEN) {
		@@ -1097,6 +1098,7 @@ int tls_parse_ctos_psk(SSL s, PACKET pkt, unsigned int context, X509 *x,
		OPENSSL_cleanse(pskdata, pskdatalen);
		}
		}
		#endif /* OPENSSL_NO_PSK */

		if (sess != NULL) {
		/* We found a PSK */

test/sslapitest.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -1455,6 +1455,7 @@ static int use_session_cb(SSL ssl, const EVP_MD md, const unsigned char **id,
		return 1;
		}

		#ifndef OPENSSL_NO_PSK
		static unsigned int psk_client_cb(SSL ssl, const char hint, char *id,
		unsigned int max_id_len,
		unsigned char *psk,
		@@ -1482,6 +1483,7 @@ static unsigned int psk_client_cb(SSL ssl, const char hint, char *id,

		return psklen;
		}
		#endif /* OPENSSL_NO_PSK */

		static int find_session_cb(SSL ssl, const unsigned char identity,
		size_t identity_len, SSL_SESSION **sess)
		@@ -1509,6 +1511,7 @@ static int find_session_cb(SSL ssl, const unsigned char identity,
		return 1;
		}

		#ifndef OPENSSL_NO_PSK
		static unsigned int psk_server_cb(SSL ssl, const char identity,
		unsigned char *psk, unsigned int max_psk_len)
		{
		@@ -1535,6 +1538,7 @@ static unsigned int psk_server_cb(SSL ssl, const char identity,

		return psklen;
		}
		#endif /* OPENSSL_NO_PSK */

		#define MSG1 "Hello"
		#define MSG2 "World."
		@@ -2590,10 +2594,12 @@ static int test_tls13_psk(int idx)
		SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
		SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
		}
		#ifndef OPENSSL_NO_PSK
		if (idx == 1 \|\| idx == 2) {
		SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
		SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
		}
		#endif
		srvid = pskid;
		use_session_cb_cnt = 0;
		find_session_cb_cnt = 0;
		@@ -3756,7 +3762,11 @@ int setup_tests(void)
		#endif
		#ifndef OPENSSL_NO_TLS1_3
		ADD_TEST(test_ciphersuite_change);
		#ifdef OPENSSL_NO_PSK
		ADD_ALL_TESTS(test_tls13_psk, 1);
		#else
		ADD_ALL_TESTS(test_tls13_psk, 3);
		#endif /* OPENSSL_NO_PSK */
		ADD_ALL_TESTS(test_custom_exts, 5);
		ADD_TEST(test_stateless);
		ADD_TEST(test_pha_key_update);